pptx-azure
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection via untrusted data ingestion.
  - Ingestion points: The agent is instructed to "Always re-read the PPTX before editing" (workflow.md) and process user-provided markdown specifications (templates/presentation-spec.md).
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the provided files.
  - Capability inventory: The skill utilizes the base pptx skill to perform file modification and creation operations (Phase 3 of workflow.md).
  - Sanitization: No sanitization, validation, or escaping of the ingested content is implemented. An attacker could embed instructions in an existing presentation's slides or speaker notes that the agent would then follow during the iterative update process.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external dependency.
  - Evidence: SKILL.md points to the base pptx skill at https://github.com/anthropics/skills/blob/main/skills/pptx/SKILL.md.
  - Trust Scope: The source belongs to the 'anthropics' organization, which is a Trusted GitHub Organization. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW severity.
Recommendations
- AI detected serious security threats
Audit Metadata